Age | Commit message (Collapse) | Author |
|
|
|
system: T4681: convert 'show_uptime.py' script to standardized format
|
|
|
|
|
|
T1024: Firewall and Policy route: add option to match dscp value
|
|
Ability to autocheck available new images
Parse remote URL JSON image-version.json file and compare version
VyOS with a local current version, if find diff sent wall
message that the new image is available
Also, add op-mode command to check images "show system image"
With option "auto-check" check will be once per 12 hours
set system update-check auto-check
set system update-check url 'http://example.com/image-version.json'
If new version is available shows it per login (MOTD)
|
|
firewall and in policy route
|
|
T4670: policy route: extend matching criteria for policy route and route6
|
|
|
|
radius: T4672: Fix RADIUS server disable template logic
|
|
|
|
bridge: T4673: raise UnconfiguredSubsystem on non-existent bridge intf
|
|
|
|
|
|
Matching criteria added: ttl/hoplimit and packet-length
|
|
|
|
* firewall:
firewall: T4651: re-implement packet-length CLI option to use <multi/>
firewall: T3568: improve default-action help string
firewall: T3568: add XML include block for eq,gt,lt options
smoketest: firewall: add re-usable variables when running testcases
Firewall: T4651: Change proposed cli from ip-length to packet-length
Firewall: T4651: Add options to match packet size on firewall rules.
|
|
|
|
|
|
|
|
|
|
bonding: T4668: Fix bond members not adding/interface state incorrect
|
|
Fixes several bugs around bonding member interface states not matching
the committed configuration, including:
- Disabled removed interfaces coming back up
- Newly added disabled interfaces not staying down
- Newly added interfaces not showing up in the bond
|
|
Refactor interfaces-bonding.py to simplify existing code and to remove
potentially bugprone sections in preparation for member add/remove
fixes for T4668.
|
|
* 'T4651' of https://github.com/nicolas-fort/vyos-1x:
Firewall: T4651: Change proposed cli from ip-length to packet-length
Firewall: T4651: Add options to match packet size on firewall rules.
|
|
|
|
nat: T538: Add static NAT one-to-one
|
|
policy-route: T4655: Remove default_action from template
|
|
T4665: Keepalived: Allow same VRID on interface
|
|
macvlan: T4663: Fix update mode for pethX interface
|
|
Fix the issue when configured pseudo-ethernet interface cannot
change self mode
|
|
Remove `default_action` from template "nftables-policy" as XML
policy route does not use it
Set default action 'accept' for policy route, as default action
'drop' must be used only for firewall and not related to the
policy route
|
|
Using the same VRID on an interface is allowed as long as
the address family is different (VRRPv2 vs VRRPv3)
|
|
|
|
This extends the implementation of commit 0cc7e0a49094 ("firewall: T4655: Fix
default action 'drop' for the firewall") in a way that we can now also use the
XML <defaultValue> node under "firewall name" and "firewall ipv6-name". This
is a much cleaner approach which also adds the default value automatically to
the CLIs completion helper ("?").
|
|
The CLI command was a duplicate of the "show dns forwarding" command and did
not follow or re-trigger the commadn to watch it. It produced 1:1 the same
output as "show dns forwarding".
|
|
|
|
|
|
opmode: T4657: fixed opmode with return type hints
|
|
firewall: T4655: Fix default action 'drop' for the firewall
|
|
nat: T4367: Move nat rules from /tmp to /run/nftables_nat.conf
|
|
console: T4646: Fixed USB console issues
|
|
This commit excludes `return` from `typing.get_type_hints()` output,
which allows generate argparse arguments for function properly.
|
|
* fixed the `systemctl restart` command that used a value from config instead
converted to `ttyUSBX`
* moved systemd units from `/etc/` to `/run/`
|
|
Commit 31169fa8a763e ("vyos.ifconfig: T3619: only set offloading options if
supported by NIC") added the new implementation which handles NIC offloading.
Unfortunately every single implementation was copied from "gro" which resulted
in a change to gro for each offloading option - thus options like lro, sg, tso
had no effect at all.
It all comes down to copy/paste errors ... one way or another.
|
|
For some reason after firewall rewriting we are having default
action 'accept' for 1.4 and default action 'drop' for 1.3
Fix this issue, set default action 'drop'
|
|
Move nftables nat configuration from /tmp to /run
As we have for other services like firewall, conntrack
Don't remove the config file '/run/nftables_nat.conf' after commit
|
|
rpki: T4654: Fix RPKI cache description
|
|
Fix wrong descriptions for the RPKI server
It was mentioned about the NTP server
|
|
|